Cybersecurity researchers have uncovered a new information-stealing malware named Bandit Stealer, which focuses on targeting browsers and cryptocurrency wallets. While its primary targets have been Windows systems, it possesses the potential to expand its reach to other platforms like Linux.
What sets Bandit Stealer apart is its ability to evade detection, including bypassing Windows Defender, making it a significant challenge for victims to identify.
Bandit Stealer developers actively update the malware’s features, aiming to surpass other stealing tools, as mentioned in advertisements circulating within the malware community.
However, the researchers at Trend Micro have not yet identified the specific hacking group associated with this malware or how they plan to utilize the stolen information. The stolen data could potentially be exploited for identity theft, data breaches, credential stuffing attacks, and account takeovers.
Developed using the widely-used Go programming language, Bandit Stealer can operate on multiple operating systems, enhancing its ability to avoid detection. Although it claims to be the most advanced info-stealer available, it shares similarities with other stealers such as Creal Stealer, Luna Grabber, Kyoku Cookie token stealer, and Pegasus Stealer.
Bandit Stealer targets various internet browsers and can gather sensitive victim information, including usernames, IP addresses, computer details, and country codes associated with IP addresses.
In addition to compromising browsers, Bandit Stealer poses a threat to Telegram messaging app users, particularly cryptocurrency enthusiasts. Once gaining unauthorized access, the malware can impersonate the compromised user, access private messages, and deceive others.
Notably, Bandit Stealer remains persistent, executing each time the infected computer starts or restarts, enabling continued data theft even after system shutdowns. Victims can unknowingly download this malware from malicious websites or through phishing emails, with Bandit Stealer disguising itself as harmless files like Word documents or fake installers for programs like Heartsender, commonly used in marketing and advertising.
